Experience Eligibility Policy
To earn the CTPRP or CTPRA certification, individuals must pass the examination with a score of at least 70%, and hold a minimum of five (5) years' experience as a risk management professional in a position(s) which demonstrates proficiency in assessment, management, and remediation of third-party risk issues.
CTPRP Curriculum Blueprint
The CTPRP class curriculum is based on four practice areas which are outlined in the
Job Practice Guide. The CTPRP curriculum may be taught with instructor-led classes in-person or via an internet- based platform. Online on-demand modules are delivered in the Shared Assessments Program Learning Management System. All delivery formats utilize the same curriculum blueprint, learning objectives, and class outline. Curriculum materials are provided online in a read-only format.
CTPRP Class Outline
The class outline is grouped by each practice area and contains individual lessons based on the curriculum blueprint. Administrative topics are covered in Module 5, for which no Continuing Professional Education (CPE) credits are issued and no content is included in the examination. A total of 12 CPEs will be issued upon successful completion of all lessons within the class. CPE Certificates will be issued within 30 days of class completion.
Module 0: CTPRP Course Introduction/Overview (0%)
Module 1: Third Party Risk Management Foundation (25%)
Module 2: Third Party Risk Program Management (25%)
Module 3: Risk Control Domains (35%)
Module 4: Third Party Risk Assessment Process (15%)
Module 5: Examination Preparation & Testing Process (0%)
CTPRP Class Learning Objectives
- Demonstrate a thorough understanding of outsourcing business models, regulatory drivers, data governance factors, and risk management frameworks involved in third party risk management.
- Differentiate each of the TPRM program components required to design, implement, and operate a third-party risk management program based upon mitigating different types of third-party risk.
- Illustrate knowledge of the control environment for evaluating third-party risk for each of the risk control domains from the point of view of the outsourcer and the service provider.
- Construct TPRM program requirements to enable the development and execution of a third-party risk assessment process as part of the overall enterprise risk management program.
CTPRP Self-Study Time Period
(Not to exceed 15 weeks)
Upon completion of the enrollment of the class and receipt of class materials, CTPRP candidates will have access to all modules. The learning dashboard will monitor progress and completion of each lesson. CTPRP candidates will have up to 15 weeks to complete the class, schedule their exam, and take the proctored, virtual examination.
CTPRA Curriculum Blueprint
The CTPRA curriculum is based on four practice areas which are outlined in the
Job Practice Guide. The CTPRA curriculum is taught with instructor-led classes in-person or via an internet-based platform. Curriculum materials are provided online in a read-only format.
CTPRA Class Outline
The class outline is grouped by each practice area and contains individual lessons based on the curriculum blueprint. Administrative topics are covered in Module 5, for which no Continuing Professional Education (CPE) credits are issued, and no content is included in the examination. A total of 12 CPEs will be issued upon successful completion of all lessons within the class. CPE Certificates will be issued within 30 days of class completion.
Module 0: CTPRA Course Introduction/Overview (0%)
Module 1: Third Party Risk Management Foundation (15%)
Module 2: Risk Based Due Diligence (20%)
Module 3: Risk Control Domains (50%)
Module 4: Third Party Risk Assessment Process (15%)
Module 5: Examination Preparation & Testing Process (0%)
CTPRA Class Learning Objectives
- Demonstrate a thorough understanding of outsourcing business models, regulatory drivers, and data governance factors involved in third-party risk management in order to understand each of the core components of a TPRM program.
- Incorporate industry and technology assessment frameworks for controls evaluation using risk assessment techniques to conduct various types of assessments based on vendor classification, risk rating, and criticality.
- Evaluate, interpret, and understand a third party's control environment based on analysis of risk factors for each category of third-party risk control domains from the point of view of the outsourcer and the service provider.
- Organize and manage the due diligence and risk assessment process by conducting discovery, review of artifacts, and testing to effectively validate controls, identify and rate risk findings, and identify measures for risk mitigation.
Examination and Badging Protocols
- A remote proctored examination or qualified assessment is required
- A Passing Score of 70% is required to achieve the credential
- Candidates will receive only their pass/fail score percentages for the qualified assessment and not individualized feedback.
Upon completion of the exam, a survey will be presented to provide feedback on the method of instruction, curriculum, materials, or examination content. Feedback will be aggregated into summary reports to improve the overall experience
The Candidate hereby acknowledges that, as a CTPRP or CTPRA certification candidate, he/she will be opted-into Shared Assessments' email distribution, and will participate in an online testing program using the services of Caveon, LLC ("Caveon") and Examity, Inc. ("Examity").
The Candidate further acknowledges that when using the online services of Caveon and Examity, he/she will be subject to and agrees to comply with all the online terms of service applicable to individuals using the services as follows:
- By registering, the individual agrees to opt-in to receive communications from Shared Assessments.
- All of the Caveon Website Terms of Use and Privacy Policy, as such terms may be updated from time to time, except for Section 6 of the Website Terms of Use and the Sections titled “Personal Information” and “Usage Data and Site Activity” in the Caveon Privacy Policy which have been eliminated under Shared Assessments agreement with Caveon.
- All of the Examity website terms of use including, but not limited to, the Privacy Policy as such terms may be updated time to time.
- All of the Credly website terms of use and Privacy Policy.
Experience Validation
Upon receiving notice of the successful completion of the certification examination, individuals must complete the Shared Assessments Proof of Experience application.
This application is provided upon notification of passing the Shared Assessments CTPRP or CTPRA examination. Once complete and verified, the candidate will be issued their CTPRP and/or CTPRA certification with a term period valid for 3 years.
The certification may be maintained without reexamination as long as Certification holders attain and report the required number of Continuing Professional Education (CPE) hours as specified on the Shared Assessments website. Certification holders may be required to participate in an audit of CPE credits at any time for up to two years after submission. Certification holders are solely responsible for the legitimacy of their CPE submissions and recordkeeping.
Candidate Acknowledgement
By registering for this class, I agree and understand the expectations for the Program. I acknowledge and agree that if I fail to comply with the online terms described above, I will be solely responsible for any and all resulting costs or liability and hereby waive any and all claims against Shared Assessments in connection with my use of the online services of Caveon and/or Examity.